Authors:
Vassiliki Koufi
;
Flora Malamateniou
and
George Vassilacopoulos
Affiliation:
University of Piraeus, Greece
Keyword(s):
Cloud Computing, Personal Health Record, eRadiology, Healthcare process, Authorization.
Related
Ontology
Subjects/Areas/Topics:
Artificial Intelligence
;
Communication, Collaboration and Information Sharing
;
Information Security
;
Knowledge Management and Information Sharing
;
Knowledge-Based Systems
;
Symbolic Systems
Abstract:
The confidentiality of healthcare information is extremely important in any healthcare system. This paper is concerned with the development of suitable authorization and access control framework for eRadiology seen as a cloud computing service offered to healthcare professionals and patients alike. While eRadiology is expected to improve many aspects of healthcare, these high expectations will be achieved only if provider organizations pay continuing attention to the features that would most improve patients’ safety and health and select systems that have such appropriate features, security being among the most prominent ones. In particular, although the eRadiology workflow varies with the context, giving rise to specific ordering of task executions, it is authorization that determines who can execute the various workflow tasks and what information can be accessed during task executions. The main objective of this paper is to embed context-aware access control into eRadiology workflo
ws, operating in conjunction with a personal healthcare record (PHR) system which has been implemented in a cloud computing infrastructure. The proposed model enables authorization to be based not only on static rules and roles but also to be influenced by the workflow execution context ensuring precise and tight access control. The resultant security system has been incorporated into a prototype eRadiology workflow to enable authorized access to patient information when and where needed.
(More)